2 matches found
CVE-2020-26178
In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments without being authenticated...
CVE-2020-26178
The CVE-2020-26178 affects Tangro Business Workflow before 1.18.1, where knowledge of an attachment ID allows downloading work-item attachments without authentication due to an authorization issue. This is documented across multiple sources (CNVD-2020-74066, NVD/NVD entry). Remediation: upgrade t...